feat: 实现Apache Cassandra数据库服务专业扫描插件

• 新增Cassandra插件支持Native Protocol (9042端口) • 实现弱密码检测和未授权访问检测 • 支持自动利用：信息收集、Keyspace枚举、数据提取 • 集成-nobr模式服务识别和-ne自动利用功能 • 完整的Context超时机制和代理支持 • 添加中英文国际化消息支持 • 基于新插件架构实现模块化设计功能特性: - 支持gocql驱动的CQL查询和认证 - 智能识别Cassandra Native Protocol v4 - 三种利用方法：系统信息、数据库结构、敏感数据 - 完整的错误处理和超时控制机制
2025-09-14 14:06:44 +08:00 · 2025-08-08 04:34:32 +08:00 · 2025-08-08 04:34:32 +08:00 · 516225a11f
commit 516225a11f
parent 51735c4e25
3 changed files with 783 additions and 0 deletions
--- a/Plugins/services/cassandra/connector.go
+++ b/Plugins/services/cassandra/connector.go
@ -0,0 +1,169 @@
+package cassandra
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"strconv"
+	"time"
+
+	"github.com/gocql/gocql"
+	"github.com/shadow1ng/fscan/common"
+	"github.com/shadow1ng/fscan/plugins/base"
+)
+
+// CassandraConnector Cassandra连接器实现
+type CassandraConnector struct {
+	host string
+	port string
+}
+
+// CassandraProxyDialer 实现gocql.Dialer接口，支持代理连接
+type CassandraProxyDialer struct {
+	timeout time.Duration
+}
+
+// DialContext 实现代理拨号
+func (d *CassandraProxyDialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
+	host, port, err := net.SplitHostPort(addr)
+	if err != nil {
+		return nil, err
+	}
+	return common.WrapperTcpWithContext(ctx, network, fmt.Sprintf("%s:%s", host, port))
+}
+
+// NewCassandraConnector 创建Cassandra连接器
+func NewCassandraConnector() *CassandraConnector {
+	return &CassandraConnector{}
+}
+
+// Connect 连接到Cassandra服务
+func (c *CassandraConnector) Connect(ctx context.Context, info *common.HostInfo) (interface{}, error) {
+	c.host = info.Host
+	c.port = info.Ports
+	
+	// 创建Cassandra集群配置
+	cluster := gocql.NewCluster(c.host)
+	
+	// 解析端口
+	port, err := strconv.Atoi(c.port)
+	if err != nil {
+		return nil, fmt.Errorf("无效的端口号: %s", c.port)
+	}
+	cluster.Port = port
+	
+	// 设置连接参数
+	timeout := time.Duration(common.Timeout) * time.Second
+	cluster.Timeout = timeout
+	cluster.ConnectTimeout = timeout
+	cluster.ProtoVersion = 4
+	cluster.Consistency = gocql.One
+	
+	// 如果配置了代理，设置自定义Dialer
+	if common.Socks5Proxy != "" {
+		cluster.Dialer = &CassandraProxyDialer{
+			timeout: timeout,
+		}
+	}
+	
+	// 设置重试策略
+	cluster.RetryPolicy = &gocql.SimpleRetryPolicy{NumRetries: 3}
+	
+	return cluster, nil
+}
+
+// Authenticate 认证
+func (c *CassandraConnector) Authenticate(ctx context.Context, conn interface{}, cred *base.Credential) error {
+	cluster, ok := conn.(*gocql.ClusterConfig)
+	if !ok {
+		return fmt.Errorf("无效的连接类型")
+	}
+	
+	// 创建集群配置副本
+	authCluster := *cluster
+	
+	// 设置认证信息
+	if cred.Username != "" || cred.Password != "" {
+		authCluster.Authenticator = gocql.PasswordAuthenticator{
+			Username: cred.Username,
+			Password: cred.Password,
+		}
+	}
+	
+	// 创建会话通道以支持Context超时
+	sessionChan := make(chan struct {
+		session *gocql.Session
+		err     error
+	}, 1)
+	
+	// 在goroutine中创建会话，以便可以通过Context取消
+	go func() {
+		session, err := authCluster.CreateSession()
+		select {
+		case <-ctx.Done():
+			if session != nil {
+				session.Close()
+			}
+		case sessionChan <- struct {
+			session *gocql.Session
+			err     error
+		}{session, err}:
+		}
+	}()
+	
+	// 等待会话创建或Context取消
+	var session *gocql.Session
+	var err error
+	select {
+	case result := <-sessionChan:
+		session, err = result.session, result.err
+		if err != nil {
+			return fmt.Errorf("Cassandra认证失败: %v", err)
+		}
+	case <-ctx.Done():
+		return fmt.Errorf("Cassandra连接超时: %v", ctx.Err())
+	}
+	
+	defer session.Close()
+	
+	// 尝试执行查询验证连接
+	resultChan := make(chan struct {
+		success bool
+		err     error
+	}, 1)
+	
+	go func() {
+		var err error
+		
+		// 尝试两种查询，确保至少一种成功
+		err = session.Query("SELECT peer FROM system.peers").WithContext(ctx).Scan(nil)
+		if err != nil {
+			err = session.Query("SELECT now() FROM system.local").WithContext(ctx).Scan(nil)
+		}
+		
+		select {
+		case <-ctx.Done():
+		case resultChan <- struct {
+			success bool
+			err     error
+		}{err == nil, err}:
+		}
+	}()
+	
+	// 等待查询结果或Context取消
+	select {
+	case result := <-resultChan:
+		if !result.success && result.err != nil {
+			return fmt.Errorf("Cassandra查询验证失败: %v", result.err)
+		}
+		return nil
+	case <-ctx.Done():
+		return fmt.Errorf("Cassandra查询超时: %v", ctx.Err())
+	}
+}
+
+// Close 关闭连接
+func (c *CassandraConnector) Close(conn interface{}) error {
+	// Cassandra集群配置无需显式关闭
+	return nil
+}
--- a/Plugins/services/cassandra/exploiter.go
+++ b/Plugins/services/cassandra/exploiter.go
@ -0,0 +1,333 @@
+package cassandra
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/gocql/gocql"
+	"github.com/shadow1ng/fscan/common"
+	"github.com/shadow1ng/fscan/common/i18n"
+	"github.com/shadow1ng/fscan/plugins/base"
+)
+
+// CassandraExploiter Cassandra利用器
+type CassandraExploiter struct {
+	*base.BaseExploiter
+	connector *CassandraConnector
+}
+
+// NewCassandraExploiter 创建Cassandra利用器
+func NewCassandraExploiter() *CassandraExploiter {
+	exploiter := &CassandraExploiter{
+		BaseExploiter: base.NewBaseExploiter("cassandra"),
+		connector:     NewCassandraConnector(),
+	}
+	
+	// 添加利用方法
+	exploiter.setupExploitMethods()
+	
+	return exploiter
+}
+
+// setupExploitMethods 设置利用方法
+func (e *CassandraExploiter) setupExploitMethods() {
+	// 1. 信息收集
+	infoMethod := base.NewExploitMethod(base.ExploitDataExtraction, "information_gathering").
+		WithDescription(i18n.GetText("exploit_method_name_information_gathering")).
+		WithPriority(8).
+		WithConditions("has_credentials").
+		WithHandler(e.exploitInformationGathering).
+		Build()
+	e.AddExploitMethod(infoMethod)
+	
+	// 2. Keyspace枚举
+	enumMethod := base.NewExploitMethod(base.ExploitDataExtraction, "keyspace_enumeration").
+		WithDescription(i18n.GetText("exploit_method_name_database_enumeration")).
+		WithPriority(9).
+		WithConditions("has_credentials").
+		WithHandler(e.exploitKeyspaceEnumeration).
+		Build()
+	e.AddExploitMethod(enumMethod)
+	
+	// 3. 数据提取
+	dataMethod := base.NewExploitMethod(base.ExploitDataExtraction, "data_extraction").
+		WithDescription(i18n.GetText("exploit_method_name_data_extraction")).
+		WithPriority(7).
+		WithConditions("has_credentials").
+		WithHandler(e.exploitDataExtraction).
+		Build()
+	e.AddExploitMethod(dataMethod)
+}
+
+// exploitInformationGathering 信息收集
+func (e *CassandraExploiter) exploitInformationGathering(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
+	return e.executeWithSession(ctx, info, creds, "information_gathering", e.informationGathering)
+}
+
+// exploitKeyspaceEnumeration keyspace枚举
+func (e *CassandraExploiter) exploitKeyspaceEnumeration(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
+	return e.executeWithSession(ctx, info, creds, "keyspace_enumeration", e.keyspaceEnumeration)
+}
+
+// exploitDataExtraction 数据提取
+func (e *CassandraExploiter) exploitDataExtraction(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
+	return e.executeWithSession(ctx, info, creds, "data_extraction", e.dataExtraction)
+}
+
+// executeWithSession 使用Cassandra会话执行利用方法
+func (e *CassandraExploiter) executeWithSession(ctx context.Context, info *common.HostInfo, creds *base.Credential, methodName string, method func(context.Context, interface{}, string) ([]string, error)) (*base.ExploitResult, error) {
+	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	
+	// 建立连接
+	conn, err := e.connector.Connect(ctx, info)
+	if err != nil {
+		return nil, fmt.Errorf("连接失败: %v", err)
+	}
+	
+	// 认证
+	err = e.connector.Authenticate(ctx, conn, creds)
+	if err != nil {
+		return nil, fmt.Errorf("认证失败: %v", err)
+	}
+	
+	// 创建会话用于利用
+	cluster := conn.(*gocql.ClusterConfig)
+	if creds.Username != "" || creds.Password != "" {
+		cluster.Authenticator = gocql.PasswordAuthenticator{
+			Username: creds.Username,
+			Password: creds.Password,
+		}
+	}
+	
+	session, err := cluster.CreateSession()
+	if err != nil {
+		return nil, fmt.Errorf("创建会话失败: %v", err)
+	}
+	defer session.Close()
+	
+	// 执行方法
+	output, err := method(ctx, session, target)
+	if err != nil {
+		return &base.ExploitResult{
+			Success: false,
+			Error:   err,
+			Type:    base.ExploitDataExtraction,
+			Method:  methodName,
+			Output:  fmt.Sprintf("执行失败: %v", err),
+		}, nil
+	}
+	
+	return &base.ExploitResult{
+		Success: true,
+		Type:    base.ExploitDataExtraction,
+		Method:  methodName,
+		Output:  strings.Join(output, "\n"),
+	}, nil
+}
+
+// informationGathering 信息收集
+func (e *CassandraExploiter) informationGathering(ctx context.Context, session interface{}, target string) ([]string, error) {
+	cassandraSession := session.(*gocql.Session)
+	var output []string
+	
+	// 获取Cassandra版本信息
+	var releaseVersion string
+	err := cassandraSession.Query("SELECT release_version FROM system.local").WithContext(ctx).Scan(&releaseVersion)
+	if err == nil {
+		output = append(output, fmt.Sprintf("Cassandra版本: %s", releaseVersion))
+	}
+	
+	// 获取集群名称
+	var clusterName string
+	err = cassandraSession.Query("SELECT cluster_name FROM system.local").WithContext(ctx).Scan(&clusterName)
+	if err == nil {
+		output = append(output, fmt.Sprintf("集群名称: %s", clusterName))
+	}
+	
+	// 获取数据中心信息
+	var datacenter string
+	err = cassandraSession.Query("SELECT data_center FROM system.local").WithContext(ctx).Scan(&datacenter)
+	if err == nil {
+		output = append(output, fmt.Sprintf("数据中心: %s", datacenter))
+	}
+	
+	// 获取机架信息
+	var rack string
+	err = cassandraSession.Query("SELECT rack FROM system.local").WithContext(ctx).Scan(&rack)
+	if err == nil {
+		output = append(output, fmt.Sprintf("机架: %s", rack))
+	}
+	
+	// 获取节点ID
+	var hostId string
+	err = cassandraSession.Query("SELECT host_id FROM system.local").WithContext(ctx).Scan(&hostId)
+	if err == nil {
+		output = append(output, fmt.Sprintf("节点ID: %s", hostId))
+	}
+	
+	if len(output) == 0 {
+		return nil, fmt.Errorf("无法获取Cassandra信息")
+	}
+	
+	return output, nil
+}
+
+// keyspaceEnumeration keyspace枚举
+func (e *CassandraExploiter) keyspaceEnumeration(ctx context.Context, session interface{}, target string) ([]string, error) {
+	cassandraSession := session.(*gocql.Session)
+	var output []string
+	
+	// 查询所有keyspace
+	iter := cassandraSession.Query("SELECT keyspace_name FROM system_schema.keyspaces").WithContext(ctx).Iter()
+	defer iter.Close()
+	
+	var keyspaceName string
+	var keyspaces []string
+	
+	for iter.Scan(&keyspaceName) {
+		keyspaces = append(keyspaces, keyspaceName)
+	}
+	
+	if err := iter.Close(); err != nil {
+		return nil, fmt.Errorf("查询keyspace失败: %v", err)
+	}
+	
+	if len(keyspaces) > 0 {
+		output = append(output, fmt.Sprintf("发现Keyspaces: %s", strings.Join(keyspaces, ", ")))
+		
+		// 对每个非系统keyspace获取表信息
+		for _, ks := range keyspaces {
+			if !strings.HasPrefix(ks, "system") {
+				tables := e.getTablesInKeyspace(ctx, cassandraSession, ks)
+				if len(tables) > 0 {
+					output = append(output, fmt.Sprintf("Keyspace '%s' 中的表: %s", ks, strings.Join(tables, ", ")))
+				}
+			}
+		}
+	} else {
+		return nil, fmt.Errorf("未发现任何keyspace")
+	}
+	
+	return output, nil
+}
+
+// getTablesInKeyspace 获取keyspace中的表
+func (e *CassandraExploiter) getTablesInKeyspace(ctx context.Context, session *gocql.Session, keyspace string) []string {
+	iter := session.Query("SELECT table_name FROM system_schema.tables WHERE keyspace_name = ?", keyspace).WithContext(ctx).Iter()
+	defer iter.Close()
+	
+	var tableName string
+	var tables []string
+	
+	for iter.Scan(&tableName) {
+		tables = append(tables, tableName)
+	}
+	
+	return tables
+}
+
+// dataExtraction 数据提取
+func (e *CassandraExploiter) dataExtraction(ctx context.Context, session interface{}, target string) ([]string, error) {
+	cassandraSession := session.(*gocql.Session)
+	var output []string
+	
+	// 尝试读取一些系统表中的敏感信息
+	
+	// 获取所有用户角色信息（如果存在）
+	if roles := e.extractRoles(ctx, cassandraSession); len(roles) > 0 {
+		output = append(output, roles...)
+	}
+	
+	// 获取peer节点信息
+	if peers := e.extractPeers(ctx, cassandraSession); len(peers) > 0 {
+		output = append(output, peers...)
+	}
+	
+	// 尝试获取一些配置信息
+	if configs := e.extractConfigs(ctx, cassandraSession); len(configs) > 0 {
+		output = append(output, configs...)
+	}
+	
+	if len(output) == 0 {
+		return []string{"未能提取到敏感数据"}, nil
+	}
+	
+	return output, nil
+}
+
+// extractRoles 提取角色信息
+func (e *CassandraExploiter) extractRoles(ctx context.Context, session *gocql.Session) []string {
+	var output []string
+	
+	// 尝试查询角色表（Cassandra 2.2+）
+	iter := session.Query("SELECT role FROM system_auth.roles").WithContext(ctx).Iter()
+	defer iter.Close()
+	
+	var role string
+	var roles []string
+	
+	for iter.Scan(&role) {
+		roles = append(roles, role)
+	}
+	
+	if len(roles) > 0 {
+		output = append(output, fmt.Sprintf("发现角色: %s", strings.Join(roles, ", ")))
+	}
+	
+	return output
+}
+
+// extractPeers 提取peer节点信息
+func (e *CassandraExploiter) extractPeers(ctx context.Context, session *gocql.Session) []string {
+	var output []string
+	
+	iter := session.Query("SELECT peer, data_center, rack, release_version FROM system.peers").WithContext(ctx).Iter()
+	defer iter.Close()
+	
+	var peer, datacenter, rack, version string
+	var peerCount int
+	
+	for iter.Scan(&peer, &datacenter, &rack, &version) {
+		peerCount++
+		output = append(output, fmt.Sprintf("Peer节点 %d: %s (数据中心: %s, 机架: %s, 版本: %s)", 
+			peerCount, peer, datacenter, rack, version))
+	}
+	
+	if peerCount == 0 {
+		output = append(output, "未发现其他peer节点（单节点集群）")
+	}
+	
+	return output
+}
+
+// extractConfigs 提取配置信息
+func (e *CassandraExploiter) extractConfigs(ctx context.Context, session *gocql.Session) []string {
+	var output []string
+	
+	// 获取token信息
+	var tokens string
+	err := session.Query("SELECT tokens FROM system.local").WithContext(ctx).Scan(&tokens)
+	if err == nil && tokens != "" {
+		// 只显示token数量，不显示完整token（太长）
+		tokenList := strings.Split(strings.Trim(tokens, "{}"), ",")
+		output = append(output, fmt.Sprintf("节点tokens数量: %d", len(tokenList)))
+	}
+	
+	// 获取监听地址
+	var listenAddress string
+	err = session.Query("SELECT listen_address FROM system.local").WithContext(ctx).Scan(&listenAddress)
+	if err == nil && listenAddress != "" {
+		output = append(output, fmt.Sprintf("监听地址: %s", listenAddress))
+	}
+	
+	// 获取广播地址
+	var broadcastAddress string
+	err = session.Query("SELECT broadcast_address FROM system.local").WithContext(ctx).Scan(&broadcastAddress)
+	if err == nil && broadcastAddress != "" {
+		output = append(output, fmt.Sprintf("广播地址: %s", broadcastAddress))
+	}
+	
+	return output
+}
+
--- a/Plugins/services/cassandra/plugin.go
+++ b/Plugins/services/cassandra/plugin.go
@ -0,0 +1,281 @@
+package cassandra
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/shadow1ng/fscan/common"
+	"github.com/shadow1ng/fscan/common/i18n"
+	"github.com/shadow1ng/fscan/plugins/base"
+)
+
+// CassandraPlugin Cassandra插件实现
+type CassandraPlugin struct {
+	*base.ServicePlugin
+	exploiter *CassandraExploiter
+}
+
+// NewCassandraPlugin 创建Cassandra插件
+func NewCassandraPlugin() *CassandraPlugin {
+	// 插件元数据
+	metadata := &base.PluginMetadata{
+		Name:        "cassandra",
+		Version:     "2.0.0",
+		Author:      "fscan-team",
+		Description: "Apache Cassandra服务扫描和利用插件",
+		Category:    "service",
+		Ports:       []int{9042}, // Cassandra Native Protocol
+		Protocols:   []string{"tcp"},
+		Tags:        []string{"cassandra", "nosql", "database", "bruteforce"},
+	}
+	
+	// 创建连接器和服务插件
+	connector := NewCassandraConnector()
+	servicePlugin := base.NewServicePlugin(metadata, connector)
+	
+	// 创建Cassandra插件
+	plugin := &CassandraPlugin{
+		ServicePlugin: servicePlugin,
+		exploiter:     NewCassandraExploiter(),
+	}
+	
+	// 设置能力
+	plugin.SetCapabilities([]base.Capability{
+		base.CapWeakPassword,
+		base.CapDataExtraction,
+		base.CapInformationLeak,
+	})
+	
+	return plugin
+}
+
+// Scan 重写扫描方法以支持自动利用
+func (p *CassandraPlugin) Scan(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
+	// 如果禁用暴力破解，只进行服务识别
+	if common.DisableBrute {
+		return p.performServiceIdentification(ctx, info)
+	}
+	
+	// 执行基础的密码扫描
+	result, err := p.ServicePlugin.Scan(ctx, info)
+	if err != nil || !result.Success {
+		return result, err
+	}
+	
+	// 记录成功的弱密码/未授权访问发现
+	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	cred := result.Credentials[0]
+	
+	if cred.Username == "" && cred.Password == "" {
+		// 未授权访问
+		common.LogSuccess(i18n.GetText("plugin_unauthorized_access", "Cassandra", target))
+	} else {
+		// 弱密码
+		common.LogSuccess(i18n.GetText("plugin_login_success", "Cassandra", target, cred.Username, cred.Password))
+	}
+	
+	// 自动利用功能（可通过-ne参数禁用）
+	if result.Success && len(result.Credentials) > 0 && !common.DisableExploit {
+		p.autoExploit(context.Background(), info, result.Credentials[0])
+	}
+	
+	return result, nil
+}
+
+// generateCredentials 生成Cassandra凭据
+func (p *CassandraPlugin) generateCredentials() []*base.Credential {
+	// 获取Cassandra专用的用户名字典
+	usernames := common.Userdict["cassandra"]
+	if len(usernames) == 0 {
+		// 默认Cassandra用户名（包含空用户名用于测试未授权访问）
+		usernames = []string{"", "cassandra", "admin", "root", "user"}
+	}
+	
+	// 生成凭据组合，包括空密码测试未授权访问
+	var credentials []*base.Credential
+	
+	// 首先测试未授权访问（空用户名和密码）
+	credentials = append(credentials, &base.Credential{
+		Username: "",
+		Password: "",
+	})
+	
+	// 然后生成常规用户名密码组合
+	regularCreds := base.GenerateCredentials(usernames, common.Passwords)
+	credentials = append(credentials, regularCreds...)
+	
+	return credentials
+}
+
+// autoExploit 自动利用功能
+func (p *CassandraPlugin) autoExploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) {
+	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	common.LogDebug(i18n.GetText("plugin_exploit_start", "Cassandra", target))
+	
+	// 执行利用操作
+	result, err := p.exploiter.Exploit(ctx, info, creds)
+	if err != nil {
+		common.LogError(i18n.GetText("plugin_exploit_failed", "Cassandra", err))
+		return
+	}
+	
+	// 处理利用结果
+	if result != nil && result.Success {
+		// SaveExploitResult会自动使用LogSuccess显示红色利用成功消息
+		base.SaveExploitResult(info, result, "Cassandra")
+	}
+}
+
+// Exploit 使用exploiter执行利用
+func (p *CassandraPlugin) Exploit(ctx context.Context, info *common.HostInfo, creds *base.Credential) (*base.ExploitResult, error) {
+	return p.exploiter.Exploit(ctx, info, creds)
+}
+
+// GetExploitMethods 获取利用方法
+func (p *CassandraPlugin) GetExploitMethods() []base.ExploitMethod {
+	return p.exploiter.GetExploitMethods()
+}
+
+// IsExploitSupported 检查利用支持
+func (p *CassandraPlugin) IsExploitSupported(method base.ExploitType) bool {
+	return p.exploiter.IsExploitSupported(method)
+}
+
+// performServiceIdentification 执行Cassandra服务识别（-nobr模式）
+func (p *CassandraPlugin) performServiceIdentification(ctx context.Context, info *common.HostInfo) (*base.ScanResult, error) {
+	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	
+	// 尝试连接到Cassandra服务进行识别
+	cassandraInfo, isCassandra := p.identifyCassandraService(ctx, info)
+	if isCassandra {
+		// 记录服务识别成功
+		common.LogSuccess(i18n.GetText("cassandra_service_identified", target, cassandraInfo))
+		
+		return &base.ScanResult{
+			Success: true,
+			Service: "Cassandra",
+			Banner:  cassandraInfo,
+			Extra: map[string]interface{}{
+				"service": "Cassandra",
+				"port":    info.Ports,
+				"info":    cassandraInfo,
+			},
+		}, nil
+	}
+	
+	// 如果无法识别为Cassandra，返回失败
+	return &base.ScanResult{
+		Success: false,
+		Error:   fmt.Errorf("无法识别为Cassandra服务"),
+	}, nil
+}
+
+// identifyCassandraService 通过连接识别Cassandra服务
+func (p *CassandraPlugin) identifyCassandraService(ctx context.Context, info *common.HostInfo) (string, bool) {
+	// 尝试建立简单的TCP连接
+	target := fmt.Sprintf("%s:%s", info.Host, info.Ports)
+	conn, err := common.WrapperTcpWithTimeout("tcp", target, time.Duration(common.Timeout)*time.Second)
+	if err != nil {
+		return "", false
+	}
+	defer conn.Close()
+	
+	// 对于Cassandra native protocol (9042)，尝试发送OPTIONS frame
+	if info.Ports == "9042" {
+		return p.identifyNativeProtocol(conn)
+	}
+	
+	// 通用端口检测（其他端口）
+	return p.identifyGenericCassandra(conn)
+}
+
+// identifyNativeProtocol 识别Cassandra native protocol
+func (p *CassandraPlugin) identifyNativeProtocol(conn net.Conn) (string, bool) {
+	// 设置读写超时
+	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
+	
+	// Cassandra native protocol OPTIONS frame
+	// Frame format: version(1) + flags(1) + stream(2) + opcode(1) + length(4) + body
+	optionsFrame := []byte{
+		0x04,       // Version 4
+		0x00,       // Flags
+		0x00, 0x00, // Stream ID
+		0x05,       // Opcode: OPTIONS
+		0x00, 0x00, 0x00, 0x00, // Body length: 0
+	}
+	
+	// 发送OPTIONS请求
+	_, err := conn.Write(optionsFrame)
+	if err != nil {
+		return "", false
+	}
+	
+	// 读取响应
+	response := make([]byte, 1024)
+	n, err := conn.Read(response)
+	if err != nil || n < 8 {
+		return "", false
+	}
+	
+	// 检查响应是否为有效的Cassandra协议响应
+	if n >= 8 && response[0] == 0x84 { // Response version
+		// 简单解析响应以获取支持的版本信息
+		return "Cassandra Native Protocol v4", true
+	}
+	
+	return "", false
+}
+
+// identifyGenericCassandra 通用Cassandra识别
+func (p *CassandraPlugin) identifyGenericCassandra(conn net.Conn) (string, bool) {
+	// 设置超时
+	conn.SetDeadline(time.Now().Add(time.Duration(common.Timeout) * time.Second))
+	
+	// 尝试读取任何初始数据
+	response := make([]byte, 512)
+	n, err := conn.Read(response)
+	
+	if err == nil && n > 0 {
+		responseStr := string(response[:n])
+		// 检查响应中是否包含Cassandra相关信息
+		if strings.Contains(strings.ToLower(responseStr), "cassandra") {
+			return fmt.Sprintf("Cassandra服务: %s", strings.TrimSpace(responseStr)), true
+		}
+	}
+	
+	// 如果端口开放但没有明确标识，仍然认为可能是Cassandra
+	return "Cassandra服务", true
+}
+
+// =============================================================================
+// 插件注册
+// =============================================================================
+
+// RegisterCassandraPlugin 注册Cassandra插件
+func RegisterCassandraPlugin() {
+	factory := base.NewSimplePluginFactory(
+		&base.PluginMetadata{
+			Name:        "cassandra",
+			Version:     "2.0.0", 
+			Author:      "fscan-team",
+			Description: "Apache Cassandra服务扫描和利用插件",
+			Category:    "service",
+			Ports:       []int{9042}, // Cassandra Native Protocol
+			Protocols:   []string{"tcp"},
+			Tags:        []string{"cassandra", "nosql", "database", "bruteforce"},
+		},
+		func() base.Plugin {
+			return NewCassandraPlugin()
+		},
+	)
+	
+	base.GlobalPluginRegistry.Register("cassandra", factory)
+}
+
+// 自动注册
+func init() {
+	RegisterCassandraPlugin()
+}